projects / plack-app-gruntmaster.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 42243f0)
Update Content-Security-Policy to version 2
authorMarius Gavrilescu <marius@ieval.ro>
Wed, 25 Feb 2015 20:23:27 +0000 (22:23 +0200)
committerMarius Gavrilescu <marius@ieval.ro>
Wed, 25 Feb 2015 20:23:27 +0000 (22:23 +0200)
app.psgi patch | blob | blame | history

diff --git a/app.psgi b/app.psgi
index dc9f75b333b5112b99bca0cb0f8a486b9d55069e..c61b8bbbb4c8c78dde09bbd09e2eecb69ebde8da 100644 (file)
--- a/app.psgi
+++ b/app.psgi
@@ -13,7 +13,21 @@ use Tie::Hash::Expire;
 
 use constant AUTH_TIMEOUT => 5 * 60;
 use constant ACCESSLOG_FORMAT => 'combined';
-use constant CONTENT_SECURITY_POLICY => q,default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self'; connect-src 'self',;
+
+sub CONTENT_SECURITY_POLICY () {
+       my $csp = <<CSP;
+default-src 'none'
+connect-src 'self'
+form-action 'self'
+frame-ancestors 'none'
+img-src 'self'
+referrer origin-when-cross-origin
+script-src 'self'
+style-src 'self'
+CSP
+       chomp $csp;
+       $csp =~ s/\n/; /gr;
+}
 
 our $db //= Gruntmaster::Data->connect($ENV{GRUNTMASTER_DSN} // 'dbi:Pg:');
 
Gruntmaster page generators
This page took 0.010917 seconds and 4 git commands to generate.